The present invention relates generally to telecommunication. More particularly, the invention provides a method and system for enhancing reliability and security protection in telecommunication access control. Merely by way of example, the invention has been applied to an authentication process utilizing Extensible Authentication Protocol (EAP) for improved reliability and security. But it would be recognized that the invention has a much broader range of applicability. For example, the invention can be applied to other telecommunication protocols.
Extensible Authentication Protocol (EAP) is gaining more and more popularity as both an authentication and a key management framework. Different authentication methods (called EAP methods) can be used between an end client (EAP peer) and a server (EAP server) by embedding method-specific exchanges within generic EAP request and response messages. This allows intermediaries, such as network edge devices (pass-through authenticators, base stations) and proxies, to simply partake in forwarding the authentication signaling through the network without understanding the semantics of the authentication mechanism. The functionalities expected from the intermediaries include the following:
1. The EAP pass-through authenticator is the point where EAP encapsulation inside the access network link (wireless link or wired) layer protocol is converted into EAP encapsulation in an Authentication Authorization Accounting (AAA) protocol.
2. The EAP pass-through authenticator is expected to understand two final EAP messages (on their way to the EAP peer): EAP Success and EAP Failure, arriving from the EAP server and indicating the result of the authentication process. Following reception of an EAP-Success, the pass-through authenticator allows the creation of a network attachment between the peer and the network point of attachment (edge device: base station, access point, etc.).
While the above functionality can be seen as sufficiently secure and reliable for an authentication framework, it is not from the network control and security key distribution point of view, as discussed in more detail below.
Therefore, methods and systems that provide enhanced security and reliability in an authentication process are desirable.
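The pass-through behaviour described in the background above can be modelled as follows. This is an added example, not code from the patent: the EAP Code values and the 4-octet header layout follow RFC 3748, while the class name, the action strings and the sample packets are assumptions made for illustration.

```python
import struct

# EAP Code values and header layout (Code, Identifier, Length) per RFC 3748.
REQUEST, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4

class EapError(ValueError):
    """Raised when a packet does not satisfy the EAP header rules."""

def parse_eap(packet: bytes):
    """Return (code, identifier, body) after validating the 4-octet header."""
    if len(packet) < 4:
        raise EapError("shorter than the EAP header")
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if code not in (REQUEST, RESPONSE, SUCCESS, FAILURE):
        raise EapError("unknown EAP code")
    if length < 4 or length > len(packet):
        raise EapError("length field inconsistent with packet size")
    if code in (SUCCESS, FAILURE) and length != 4:
        raise EapError("Success/Failure must carry no data")
    # Octets beyond Length are link-layer padding and are ignored.
    return code, identifier, packet[4:length]

class PassThroughAuthenticator:
    """Hypothetical model: one peer session, attachment denied until EAP Success."""
    def __init__(self):
        self.port_open = False

    def from_server(self, packet: bytes) -> str:
        """Handle an EAP packet taken out of the AAA encapsulation."""
        code, _identifier, _body = parse_eap(packet)
        if code == SUCCESS:
            self.port_open = True    # network attachment is now allowed
            return "forward-and-open"
        if code == FAILURE:
            self.port_open = False
            return "forward-and-block"
        if code == REQUEST:
            return "forward"         # method payload is relayed, not interpreted
        raise EapError("Response is not expected from the server side")

    def from_peer(self, packet: bytes) -> str:
        """Handle an EAP packet taken out of the link-layer encapsulation."""
        code, _identifier, _body = parse_eap(packet)
        if code != RESPONSE:
            raise EapError("peer side may only send Response")
        return "forward"

# Constructed sample packets (not captured traffic).
SAMPLE_REQUEST = bytes([1, 7, 0, 6, 13, 0x20])   # Request, id 7, two body octets
SAMPLE_SUCCESS = bytes([3, 8, 0, 4])             # Success, id 8, header only
```

The model opens the attachment on nothing more than the Code field of a four-octet message, which is the only part of the exchange the intermediary interprets.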